Open Source

An interesting case study by Joshua Drummond from UC Irvine compares two open source WAFs, ModSecurity and WebKnight to an unnamed commercial WAF. The results shed light not just on the difference between open source and commercial solutions but also highlight key requirements from a WAF. It seems that the two issues Joshua finds with Open Source WAFs are manageability and positive security. It would be interesting to see if the two new Open Source WAFs on the block would address those shortcomings.

It is no secret that the WAF market has not sky rocketed in recent years. With most open source security closing up, open source security has also seen better days. Do the two stand better chances together? Two open source WAFs announcements from WAF veterans during RSA will put this to a test....